Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0396

10 documents9 sources

Severity

7.5HIGH

EPSS

86.6%

top 0.58%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

CVS CVS

Timeline

PublishedJun 14

Latest updateMay 3

Description

Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶Debiancvs< 1:1.12.5-6+3

▶NVDcvs/cvs1.11, 1.12+1

Patches

Patch: www.debian.org ↗Patch: www.kb.cert.org ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-qvjj-23hg-238h: Heap-based buffer overflow in CVS 1↗2022-05-03

▶

OSV

CVE-2004-0396: Heap-based buffer overflow in CVS 1↗2004-06-14

▶

CVEList

CVE-2004-0396: Heap-based buffer overflow in CVS 1↗2004-05-20

▶

💥Exploits & PoCs

Exploit-DB

CVS (Linux/FreeBSD) - Remote Entry Line Heap Overflow↗2004-06-25

▶

Exploit-DB

CVS - Remote Entry Line Root Heap Overflow↗2004-06-25

▶

📋Vendor Advisories

Red Hat

security flaw↗2004-05-19

▶

BSD

FreeBSD-SA-04:10.cvs: CVS pserver protocol parser errors↗2004-05-19

▶

Debian

CVE-2004-0396: cvs - Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7,...↗2004

▶

💬Community

Bugzilla

CVE-2004-0396 security flaw↗2018-08-16

▶